ambari git commit: AMBARI-17787. LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled (FE) (akovalenko)

akovalenko Tue, 13 Sep 2016 05:33:53 -0700

Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 275d5dffc -> 29b388903



AMBARI-17787. LDAPS must be used to communicate with an Active Directory when 
Kerberos is being enabled (FE) (akovalenko)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/29b38890
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/29b38890
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/29b38890

Branch: refs/heads/branch-2.5
Commit: 29b3889032428e0d7af11255f9b7ed755960b314
Parents: 275d5df
Author: Aleksandr Kovalenko <[email protected]>
Authored: Tue Jul 19 14:53:07 2016 +0300
Committer: Aleksandr Kovalenko <[email protected]>
Committed: Tue Sep 13 15:32:43 2016 +0300

----------------------------------------------------------------------
 .../1.10.3-10/configuration/kerberos-env.xml       |  2 ++
 ambari-web/app/messages.js                         |  1 +
 ambari-web/app/utils/config.js                     |  4 ++++
 ambari-web/app/utils/validator.js                  | 10 ++++++++++
 ambari-web/test/utils/validator_test.js            | 17 +++++++++++++++++
 5 files changed, 34 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/29b38890/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
 
b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
index 9f6b446..7016437 100644
--- 
a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
+++ 
b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
@@ -82,11 +82,13 @@
     <display-name>LDAP url</display-name>
     <description>
       The URL to the Active Directory LDAP Interface
+      Example: ldaps://ad.example.com:636
     </description>
     <value/>
     <value-attributes>
       <visible>false</visible>
       <overridable>false</overridable>
+      <type>ldap_url</type>
     </value-attributes>
     <on-ambari-upgrade add="true"/>
   </property>

http://git-wip-us.apache.org/repos/asf/ambari/blob/29b38890/ambari-web/app/messages.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/messages.js b/ambari-web/app/messages.js
index 0640916..076aa6d 100644
--- a/ambari-web/app/messages.js
+++ b/ambari-web/app/messages.js
@@ -3039,6 +3039,7 @@ Em.I18n.translations = {
   'errorMessage.config.number.float': 'Must be a valid number',
   'errorMessage.config.mail': 'Must be a valid email address',
   'errorMessage.config.user': 'Value is not valid',
+  'errorMessage.config.ldapUrl': 'Must be a valid LDAP url',
   'errorMessage.config.password': 'Passwords do not match',
   'errorMessage.config.directory.heterogeneous': 'dir format is wrong, can be 
"[{storage type}]/{dir name}"',
   'errorMessage.config.directory.default': 'Must be a slash or drive at the 
start, and must not contain white spaces',

http://git-wip-us.apache.org/repos/asf/ambari/blob/29b38890/ambari-web/app/utils/config.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/utils/config.js b/ambari-web/app/utils/config.js
index 0a4d546..3110685 100644
--- a/ambari-web/app/utils/config.js
+++ b/ambari-web/app/utils/config.js
@@ -619,6 +619,10 @@ App.config = Em.Object.create({
         return function (value) {
           return !validator.isValidDbName(value) ? 
Em.I18n.t('errorMessage.config.user') : '';
         };
+      case 'ldap_url':
+        return function (value) {
+          return !validator.isValidLdapsURL(value) ? 
Em.I18n.t('errorMessage.config.ldapUrl') : '';
+        };
       default:
         return function (value, name) {
           if (['javax.jdo.option.ConnectionURL', 
'oozie.service.JPAService.jdbc.url'].contains(name)

http://git-wip-us.apache.org/repos/asf/ambari/blob/29b38890/ambari-web/app/utils/validator.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/utils/validator.js 
b/ambari-web/app/utils/validator.js
index 6929fa2..7b08d37 100644
--- a/ambari-web/app/utils/validator.js
+++ b/ambari-web/app/utils/validator.js
@@ -322,6 +322,16 @@ module.exports = {
   isValidAlertName: function(value) {
     var alertNameRegex = /^[\s0-9a-z_\-%]+$/i;
     return alertNameRegex.test(value);
+  },
+
+  /**
+   * Validate ldaps URL
+   * @param {string} value
+   * @returns {boolean}
+   */
+  isValidLdapsURL: function(value) {
+    var ldapsUrlRegex = 
/^(ldaps):\/\/(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?(((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.?)(:\d*)?)(\/((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)+(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*)?)?(\?((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7
 
FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|[\uE000-\uF8FF]|\/|\?)*)?(\#((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|\/|\?)*)?$/i;
+    return ldapsUrlRegex.test(value);
   }
 
 };

http://git-wip-us.apache.org/repos/asf/ambari/blob/29b38890/ambari-web/test/utils/validator_test.js
----------------------------------------------------------------------
diff --git a/ambari-web/test/utils/validator_test.js 
b/ambari-web/test/utils/validator_test.js
index f07539d..f542c7a 100644
--- a/ambari-web/test/utils/validator_test.js
+++ b/ambari-web/test/utils/validator_test.js
@@ -480,4 +480,21 @@ describe('validator', function () {
       })
     });
   });
+
+  describe('#isValidLdapsURL()', function() {
+    var tests = [
+      {m: '"" - invalid', i: '', e: false},
+      {m: '"http://example.com"; - invalid', i: 'http://example.com', e: false},
+      {m: '"ldap://example.com"; - invalid', i: 'ldap://example.com', e: false},
+      {m: '"ldaps://example.com" - valid', i: 'ldaps://example.com', e: true},
+      {m: '"ldaps://example.com:636" - valid', i: 'ldaps://example.com:636', 
e: true},
+      {m: '"ldaps://example.com:636/path" - valid', i: 
'ldaps://example.com:636/path', e: true},
+      {m: '"ldaps://example.com:6eeee36/path" - valid', i: 
'ldaps://example.com:6eee36/path', e: false}
+    ];
+    tests.forEach(function(test) {
+      it(test.m + ' ', function () {
+        expect(validator.isValidLdapsURL(test.i)).to.equal(test.e);
+      })
+    });
+  });
 });

ambari git commit: AMBARI-17787. LDAPS must be used to communicate with an Active Directory when Kerberos is being enabled (FE) (akovalenko)

Reply via email to